test: Add integration tests for excluded groups in contacts and sharees

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
1 month ago · 70ed393b34
parent 75edec9d6c
commit 70ed393b34
4 changed files with 211 additions and 0 deletions
--- a/build/integration/features/bootstrap/FeatureContext.php
+++ b/build/integration/features/bootstrap/FeatureContext.php
@ -25,5 +25,7 @@ class FeatureContext implements Context, SnippetAcceptingContext {
 		$this->deleteServerConfig('bruteForce', 'whitelist_0');
 		$this->deleteServerConfig('bruteForce', 'whitelist_1');
 		$this->deleteServerConfig('bruteforcesettings', 'apply_allowlist_to_ratelimit');
+		$this->deleteServerConfig('core', 'shareapi_exclude_groups');
+		$this->deleteServerConfig('core', 'shareapi_exclude_groups_list');
 	}
 }
--- a/build/integration/features/bootstrap/ShareesContext.php
+++ b/build/integration/features/bootstrap/ShareesContext.php
@ -22,5 +22,7 @@ class ShareesContext implements Context, SnippetAcceptingContext {
 		$this->deleteServerConfig('core', 'shareapi_only_share_with_group_members');
 		$this->deleteServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration');
 		$this->deleteServerConfig('core', 'shareapi_allow_group_sharing');
+		$this->deleteServerConfig('core', 'shareapi_exclude_groups');
+		$this->deleteServerConfig('core', 'shareapi_exclude_groups_list');
 	}
 }
--- a/build/integration/features/contacts-menu.feature
+++ b/build/integration/features/contacts-menu.feature
@ -71,6 +71,138 @@ Feature: contacts-menu
    And searched contact "1" is named "Test name"
    And searched contact "2" is named "user2"

+
+
+  Scenario: users can not be searched by display name when searcher belongs to a group excluded from sharing
+    Given user "user0" exists
+    And group "ExcludedGroup" exists
+    And user "user0" belongs to group "ExcludedGroup"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "yes"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "ExcludedGroup"
+    And user "user1" exists
+    And As an "admin"
+    And sending "PUT" to "/cloud/users/user1" with
+      | key | displayname |
+      | value | Test name |
+    When Logging in using web as "user0"
+    And searching for contacts matching with "test"
+    Then the list of searched contacts has "0" contacts
+
+  Scenario: users can not be searched by email when searcher belongs to a group excluded from sharing
+    Given user "user0" exists
+    And group "ExcludedGroup" exists
+    And user "user0" belongs to group "ExcludedGroup"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "yes"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "ExcludedGroup"
+    And user "user1" exists
+    And As an "admin"
+    And sending "PUT" to "/cloud/users/user1" with
+      | key | email |
+      | value | test@example.com |
+    When Logging in using web as "user0"
+    And searching for contacts matching with "test"
+    Then the list of searched contacts has "0" contacts
+
+  Scenario: users can not be searched by display name when searcher belongs to both a group excluded from sharing and another group
+    Given user "user0" exists
+    And group "ExcludedGroup" exists
+    And user "user0" belongs to group "ExcludedGroup"
+    And group "AnotherGroup" exists
+    And user "user0" belongs to group "AnotherGroup"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "yes"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "ExcludedGroup"
+    And user "user1" exists
+    And As an "admin"
+    And sending "PUT" to "/cloud/users/user1" with
+      | key | displayname |
+      | value | Test name |
+    When Logging in using web as "user0"
+    And searching for contacts matching with "test"
+    Then the list of searched contacts has "0" contacts
+
+  Scenario: users can not be searched by email when searcher belongs to both a group excluded from sharing and another group
+    Given user "user0" exists
+    And group "ExcludedGroup" exists
+    And user "user0" belongs to group "ExcludedGroup"
+    And group "AnotherGroup" exists
+    And user "user0" belongs to group "AnotherGroup"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "yes"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "ExcludedGroup"
+    And user "user1" exists
+    And As an "admin"
+    And sending "PUT" to "/cloud/users/user1" with
+      | key | email |
+      | value | test@example.com |
+    When Logging in using web as "user0"
+    And searching for contacts matching with "test"
+    Then the list of searched contacts has "0" contacts
+
+  Scenario: users can not be searched by display name when searcher does not belong to a group allowed to share
+    Given user "user0" exists
+    And group "AllowedGroup" exists
+    And parameter "shareapi_exclude_groups" of app "core" is set to "allow"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "AllowedGroup"
+    And user "user1" exists
+    And As an "admin"
+    And sending "PUT" to "/cloud/users/user1" with
+      | key | displayname |
+      | value | Test name |
+    When Logging in using web as "user0"
+    And searching for contacts matching with "test"
+    Then the list of searched contacts has "0" contacts
+
+  Scenario: users can not be searched by email when searcher does not belong to a group allowed to share
+    Given user "user0" exists
+    And group "AllowedGroup" exists
+    And parameter "shareapi_exclude_groups" of app "core" is set to "allow"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "AllowedGroup"
+    And user "user1" exists
+    And As an "admin"
+    And sending "PUT" to "/cloud/users/user1" with
+      | key | email |
+      | value | test@example.com |
+    When Logging in using web as "user0"
+    And searching for contacts matching with "test"
+    Then the list of searched contacts has "0" contacts
+
+  Scenario: users can be searched by display name when searcher belongs to both a group allowed to share and another group
+    Given user "user0" exists
+    And group "AllowedGroup" exists
+    And user "user0" belongs to group "AllowedGroup"
+    And group "AnotherGroup" exists
+    And user "user0" belongs to group "AnotherGroup"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "allow"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "AllowedGroup"
+    And user "user1" exists
+    And As an "admin"
+    And sending "PUT" to "/cloud/users/user1" with
+      | key | displayname |
+      | value | Test name |
+    When Logging in using web as "user0"
+    And searching for contacts matching with "test"
+    Then the list of searched contacts has "1" contacts
+    And searched contact "0" is named "Test name"
+
+  Scenario: users can be searched by email when searcher belongs to both a group allowed to share and another group
+    Given user "user0" exists
+    And group "AllowedGroup" exists
+    And user "user0" belongs to group "AllowedGroup"
+    And group "AnotherGroup" exists
+    And user "user0" belongs to group "AnotherGroup"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "allow"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "AllowedGroup"
+    And user "user1" exists
+    And As an "admin"
+    And sending "PUT" to "/cloud/users/user1" with
+      | key | email |
+      | value | test@example.com |
+    When Logging in using web as "user0"
+    And searching for contacts matching with "test"
+    Then the list of searched contacts has "1" contacts
+    And searched contact "0" is named "user1"
+
+
+
  Scenario: users can not be found by display name if visibility is private
    Given user "user0" exists
    And user "user1" exists
--- a/build/integration/sharees_features/sharees.feature
+++ b/build/integration/sharees_features/sharees.feature
@ -117,6 +117,81 @@ Feature: sharees
    And "exact remotes" sharees returned is empty
    And "remotes" sharees returned is empty

+  Scenario: Search when belonging to a group excluded from sharing
+    Given As an "test"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "yes"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "ShareeGroup"
+    When getting sharees for
+      | search | sharee |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned is empty
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned is empty
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
+  Scenario: Search when belonging to both a group excluded from sharing and another group
+    Given As an "test"
+    And group "AnotherGroup" exists
+    And user "test" belongs to group "AnotherGroup"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "yes"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "ShareeGroup"
+    When getting sharees for
+      | search | sharee |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned are
+      | Sharee1 | 0 | Sharee1 | Sharee1 |
+      | Sharee2 | 0 | Sharee2 | sharee2@system.com |
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned are
+      | ShareeGroup | 1 | ShareeGroup |
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
+  Scenario: Search when not belonging to a group allowed to share
+    Given As an "test"
+    And group "AnotherGroup" exists
+    And parameter "shareapi_exclude_groups" of app "core" is set to "allow"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "AnotherGroup"
+    When getting sharees for
+      | search | sharee |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned is empty
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned is empty
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
+  Scenario: Search when belonging to both a group allowed to share and another group
+    Given As an "test"
+    And group "AnotherGroup" exists
+    And user "test" belongs to group "AnotherGroup"
+    And parameter "shareapi_exclude_groups" of app "core" is set to "allow"
+    And parameter "shareapi_exclude_groups_list" of app "core" is set to "AnotherGroup"
+    When getting sharees for
+      | search | sharee |
+     | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned are
+      | Sharee1 | 0 | Sharee1 | Sharee1 |
+      | Sharee2 | 0 | Sharee2 | sharee2@system.com |
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned are
+      | ShareeGroup | 1 | ShareeGroup |
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty
+
  Scenario: Search without exact match no iteration allowed
    Given As an "test"
    And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no"